MGM casinos are STILL under siege with slot machines offline and huge lines at check-in – five days after hackers first paralyzed the company
- Disruptions continued at MGM properties five days after Sunday’s initial breach
- Hacker gang threatened further attacks if casino giant fails to pay ransom
- Caesars also confirmed a cyber breach but appears to have paid off the hackers
Disruptions at hotels and casinos owned by MGM Resorts International are persisting, five days after the company was breached by hackers seeking a ransom payment to restore access.
On Thursday night, videos posted from MGM properties on the Las Vegas Strip, including ARIA and Bellagio, showed painfully long check-in lines and some slot machines that remained offline.
Functioning slot machines are cash-only and set to handpay, meaning winnings must be doled out by human staffers, and MGM has been giving out dining credits and free alcohol to appease irate guests.
Meanwhile, in a statement late Thursday, hackers claiming responsibility for the breach said they maintained access to ‘some of MGM’s infrastructure’ and threatened ‘additional attacks’ if their ransom demands are not met.
MGM’s ongoing woes come after rival gaming giant Caesars Entertainment confirmed it had detected a breach last week — but Caesars reportedly paid a ransom of roughly $15 million, and has avoided any customer-facing disruptions.
The FBI told DailyMail.com that it is investigating the incidents at both Caesars and MGM, adding: ‘As this is an ongoing investigation, we are not able to provide any additional detail.’
Neither Caesars nor MGM has responded to multiple requests for comment from DailyMail.com throughout the week.
Both breaches appear to have been initiated through ‘social engineering’ attacks, in which the hackers tricked human targets into handing over login credentials, such as by impersonating real employees in phone calls to support lines.
Attribution for the attacks remained ambiguous. A group called Scattered Spider has contacted journalists claiming responsibility for both breaches, while an affiliated gang known as ALPHV posted a lengthy statement contradicting those claims and saying it conducted the MGM attack.
It is possible that the two groups, which are known to have an affiliate relationship, both took part in the attacks, or are actually factions within the same loose-knit hacker collective.
For MGM guests, the result of that company’s breach has been a week of confusion and frustration.
‘The MGM hack is causing chaos,’ posted X user Rachel Hooks from ARIA, sharing video of long lines and slot machines on the fritz. ‘Ridiculous check in queues and casinos down.’
At the Bellagio, @JacobLasVegasLife posted video showing huge lines for hotel check-in.
MGM’s hotels have reportedly been forced to adopt antiquated measures at check-in desks, writing down guest information and credit card numbers by hand as system disruptions persist.
User @LasVegasLocally shared photos of $25 dining and beverage vouchers, writing: ‘MGM Resorts employees have been given stacks of “guest recovery vouchers” to hand to any hotel guest who complains about basically anything at all this weekend.’
Other photos posted by @VitalVegas showed staff at MGM properties offering free wine and beer to guests as they waited in lengthy lines to check in.
In one sign of a slow return to normal, MGM Resorts’ main website finally resumed functioning, although online hotel reservations remained unavailable on Friday morning.
‘For hotel reservations arriving September 13-17, 2023, we understand your travel plans may have changed, so we are waiving change and cancellations fees,’ the website advises. ‘Thank you for your patience.’
Meanwhile, the hacker gang ALPHV, also known as BlackCat, spoke out in a lengthy statement posted to its darkweb ransom site on Thursday evening.
Without naming Scattered Spider, ALPHV dismissed reports of that group’s involvement as ‘rumors’, though they did not explicitly deny Scattered Spider’s involvement.
The hackers claimed that they had infiltrated MGM’s network by Friday, September 8, and that the initial disruptions to the company’s systems last weekend were actually the result of MGM employees frantically disconnecting devices to stem the attack.
‘Due to their network engineers’ lack of understanding of how the network functions, network access was problematic on Saturday,’ the hackers claimed.
‘They then made the decision to “take offline” seemingly important components of their infrastructure on Sunday,’ the group added.
ALPHV said it launched its ransomware attack on Monday, September 11, encrypting more than 100 bare-metal hypervisors in MGM’s server environment.
The hacker group said it had made ‘multiple attempts’ to contact MGM with ransom demands, but had received no response aside from an unidentified user lurking silently in the chatroom set up to conduct the negotiations.
‘We believe MGM will not agree to a deal with us,’ the hackers said. ‘We still continue to have access to some of MGM’s infrastructure. If a deal is not reached, we shall carry out additional attacks.’
‘We continue to wait for MGM to grow a pair and reach out as they have clearly demonstrated that they know where to contact us,’ added ALPHV.
The group’s claims could not be independently verified.